diff options
Diffstat (limited to 'config/snort/snort_ftp_server_engine.php')
-rw-r--r-- | config/snort/snort_ftp_server_engine.php | 21 |
1 files changed, 12 insertions, 9 deletions
diff --git a/config/snort/snort_ftp_server_engine.php b/config/snort/snort_ftp_server_engine.php index e70033e7..618c8d85 100644 --- a/config/snort/snort_ftp_server_engine.php +++ b/config/snort/snort_ftp_server_engine.php @@ -1,7 +1,7 @@ <?php /* * snort_ftp_server_engine.php - * Copyright (C) 2013 Bill Meeks + * Copyright (C) 2013-2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -34,12 +34,15 @@ global $g; $snortdir = SNORTDIR; // Grab any QUERY STRING or POST variables -$id = $_GET['id']; -$eng_id = $_GET['eng_id']; -if (isset($_POST['id'])) +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; -if (isset($_POST['eng_id'])) +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + +if (isset($_POST['eng_id']) && isset($_POST['eng_id'])) $eng_id = $_POST['eng_id']; +elseif (isset($_GET['eng_id']) && is_numericint($_GET['eng_id'])) + $eng_id = htmlspecialchars($_GET['eng_id']); if (is_null($id)) { // Clear and close out any session variable we created @@ -85,7 +88,7 @@ if ($_GET['act'] == "import") { session_start(); if (($_GET['varname'] == "bind_to" || $_GET['varname'] == "ports") && !empty($_GET['varvalue'])) { - $pconfig[$_GET['varname']] = $_GET['varvalue']; + $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']); if(!isset($_SESSION['ftp_server_import'])) $_SESSION['ftp_server_import'] = array(); @@ -109,7 +112,7 @@ if ($_GET['act'] == "import") { } } -if ($_POST['Submit']) { +if ($_POST['save']) { // Clear and close out any session variable we created session_start(); @@ -191,7 +194,7 @@ if ($_POST['Submit']) { } } -$if_friendly = snort_get_friendly_interface($config['installedpackages']['snortglobal']['rule'][$id]['interface']); +$if_friendly = convert_friendly_interface_to_friendly_descr($config['installedpackages']['snortglobal']['rule'][$id]['interface']); $pgtitle = gettext("Snort: Interface {$if_friendly} - FTP Preprocessor Server Engine"); include_once("head.inc"); @@ -316,7 +319,7 @@ if ($savemsg) <tr> <td width="22%" valign="bottom"> </td> <td width="78%" valign="bottom"> - <input name="Submit" id="submit" type="submit" class="formbtn" value=" Save " title="<?php echo + <input name="save" id="save" type="submit" class="formbtn" value=" Save " title="<?php echo gettext("Save ftp engine settings and return to Preprocessors tab"); ?>"> <input name="Cancel" id="cancel" type="submit" class="formbtn" value="Cancel" title="<?php echo |